Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science

Processes and Daemons

advertisement 
Summer 2008
Daemons and Other Processes
Processes and Daemons
+ Fundamentally, kernels provide a few logical constructs
that mediate access to either real or virtual resources.
The two most important in Unix are processes and
filesystems.
+ You can view the characteristics of processes on a Unix
machine with a variety of programs, including ps, top,
lsof, and even ls.
CIS 4407
Summer 2008
Daemons and Other Processes
What Unix/Linux system administrators
see – ps
[root@localhost root]# cat /etc/redhat-release
Fedora release 8 (Werewolf)
[root@localhost root]# ps -elf
# This is SYSV;
F S UID
PID PPID C PRI NI TTY
TIME
4 S root
1
0 0 75
0 ?
00:00:08
4 S root
1573 1384 0 75
0 tty 00:00:00
5 S root
7492
1 0 75
0 ?
00:01:08
1 S smmsp
7497
1 0 75
0 ?
00:00:00
5 S apache 25079 1321 0 75
0 ?
00:00:00
5 S apache 25080 1321 0 75
0 ?
00:00:00
5 S apache 25085 1321 0 75
0 ?
00:00:00
5 S apache 25086 1321 0 75
0 ?
00:00:00
Berkeley = ’ps axlww’
CMD
init
-bash
sendmail: accepting
sendmail: Queue run
/usr/sbin/httpd
/usr/sbin/httpd
/usr/sbin/httpd
/usr/sbin/httpd
CIS 4407
Summer 2008
Daemons and Other Processes
What system administrators see – ps
5
5
5
5
5
5
5
4
5
5
S
S
S
S
S
S
S
S
S
S
root
root
root
root
root
root
root
root
root
root
13137 7492
16572 7492
18574 7492
20824 7492
22950 7523
23050 7523
32112 1151
32142 32112
32286
1
32317 7492
0 76
0 75
0 75
0 75
6 75
6 78
0 75
0 75
0 83
0 75
0 ?
00:00:00 sendmail: server [10.1.
0 ?
00:00:00 sendmail: k0CBPF4I01657
0 ?
00:00:00 sendmail: k0CBcKUk01857
0 ?
00:00:00 sendmail: k0CBs9CZ02082
0 ?
00:04:14 /usr/bin/perl
0 ?
00:03:58 /usr/bin/perl
0 ?
00:00:00 sshd: root@pts/0
0 pts/0 00:00:00 -bash
0 ?
00:00:00 sendmail: ./k0CD8sHV032
0 ?
00:00:00 sendmail: k0CD96Jh03231
CIS 4407
Summer 2008
Daemons and Other Processes
What Unix/Linux system administrators
see – top
[root@localhost root]# top -b -n1
# run in batch mode for one iteration
08:17:41 up 1 day, 18:12, 2 users, load average: 9.69, 9.14, 8.89
115 processes: 114 sleeping, 1 running, 0 zombie, 0 stopped
CPU states: cpu
user
nice system
irq softirq iowait
idle
total
0.0%
0.0%
0.9%
0.0%
0.9%
0.0%
98.0%
Mem:
510344k av, 392504k used, 117840k free,
0k shrd,
17208k buff
240368k actv,
55488k in_d,
4760k in_c
Swap: 522104k av,
90392k used, 431712k free
72852k cached
PID
1090
1
3
USER
root
root
root
PRI
20
15
15
NI
0
0
0
SIZE RSS SHARE STAT %CPU %MEM
1088 1088
832 R
0.9 0.2
492 456
432 S
0.0 0.0
0
0
0 SW
0.0 0.0
TIME CPU COMMAND
0:00
0 top
0:08
0 init
0:00
0 keventd
CIS 4407
Summer 2008
Daemons and Other Processes
What Unix/Linux system administrators
see - lsof
[root@localhost root]# lsof
COMMAND
PID
USER
NODE
sendmail 20824
root 159526
sendmail 20824
root 159568
sendmail 20824
root 319023
sendmail 20824
root 32286
sendmail 20824
root 32104
sendmail 20824
root 32095
# heavily redacted to fit on page
NAME
/lib/libcrypt-2.3.2.so
/lib/libcrypto.so.0.9.7a
/usr/lib/libldap.so.2.0.17
/usr/lib/sasl/libcrammd5.so.1.0.19
/usr/kerberos/lib/libk5crypto.so.3.0
/lib/tls/libdb-4.2.so
CIS 4407
Summer 2008
Daemons and Other Processes
What system administrators see - lsof
sendmail
sendmail
sendmail
sendmail
sendmail
sendmail
sendmail
sendmail
20824
20824
20824
20824
20824
20824
20824
20824
root 318943 /usr/lib/libz.so.1.1.4
root 65611 /dev/null
root
TCP anothermachine.com:smtp->10.1.1.20:
root 65611 /dev/null
root 16220 socket
root
TCP anothermachine.com:smtp->10.1.1.20:
root
TCP localhost.localdomain:48512->localh
root
TCP anothermachine.com:smtp->10.1.1.20:
CIS 4407
Summer 2008
Daemons and Other Processes
Processes and Daemons : fork(2)and
clone(2)
+ Fundamentally, kernels provide some logical constructs
that mediate access to either real or virtual resources.
The two most important in Unix are processes and
filesystems.
+ A new process is created by fork(2); or, alternatively,
in Linux with clone(2)since processes and threads are
both just task struct in Linux.
CIS 4407
Summer 2008
Daemons and Other Processes
Processes and Daemons : fork(2)and
clone(2)
+ With clone(2), memory, file descriptors and signal
handlers are still shared between parent and child.
+ With fork(2), these are copied, not shared.
CIS 4407
Summer 2008
Daemons and Other Processes
Starting a Unix/Linux process
+ exec*()instantiates a new executable:
ó Usually, when doing an exec*()the named file is
loaded into the current process’s memory space
CIS 4407
Summer 2008
Daemons and Other Processes
Starting a Unix/Linux process
ó Unless the first two characters of the file are #! and
the following characters name a valid pathname to an
executable file, in which that file is instead loaded
ó If the executable is dynamically linked, then the
dynamic loader maps in the necessary bits (not done
if the binary is statically linked.)
CIS 4407
Summer 2008
Daemons and Other Processes
Starting a Unix/Linux process
ó Then code in the initial “.text” section is then
executed. (There are three main types of sections:
“.text” sections for executable code, “.data” sections
(including read-only “.rodata” sections), and “.bss”
sections (Blocks Started by Symbol) which contains
“uninitialized” data.
CIS 4407
Summer 2008
Daemons and Other Processes
Some Typical Assembly Code
.file
.data
.align
.type
.size
"syslog.c"
4
LogFile,@object
LogFile,4
;
;
;
;
;
the file name this originated in
a data section
put PC on 4 (or 16) byte alignment
create a reference of type object
and give it 4 bytes in size
CIS 4407
Summer 2008
Daemons and Other Processes
Some Typical Assembly Code
LogFile:
.long
-1
.align 4
.type
LogStat,@object
.size
LogStat,4
LogStat:
.long
0
.section
.rodata
;
;
;
;
;
;
;
;
address for object
initialize to a value of -1
align . to 4 (16) byte
a new object reference is created
give it 4 bytes also
here’s its address in memory
and initialized it to a value zero
here’s a ‘‘read-only’’ section
CIS 4407
Summer 2008
Daemons and Other Processes
Some Typical Assembly Code
.LC0:
.string "syslog"
[ ... ]
.text
.globl syslog
.type
syslog,@function
; local label for a string
; initialized to "syslog"
; now we have some executable code
; and it iss a global symbol for
; a function syslog()
CIS 4407
Summer 2008
Daemons and Other Processes
Some Typical Assembly Code
syslog:
pushl
movl
subl
%ebp
%esp, %ebp
$8, %esp
; and away we go...
CIS 4407
Summer 2008
Daemons and Other Processes
Daemon processes
+ When we refer to a daemon process, we are referring
to a process with these characteristics:
ó Generally persistent (though it may spawn temporary
helper processes like xinetd does)
CIS 4407
Summer 2008
Daemons and Other Processes
Daemon processes
ó No controlling terminal (and the controlling tty
process group (tpgid) is shown as -1 in ps)
ó Parent process is generally init (process 1)
ó Generally has its own process group id and session
id;
CIS 4407
Summer 2008
Daemons and Other Processes
Daemon processes
+ Generally a daemon provides a service. So why not put
such services in the kernel?
+ Another level of modularity that is easy to control
+ Let’s keep from growing the already largish kernel
CIS 4407
Summer 2008
Daemons and Other Processes
Daemon processes
+ Ease (and safety) of killing and restarting processes
+ Logically, daemons generally share the characteristics
one expects of ordinary user processes (except for the
lack of controlling terminal.)
CIS 4407
Summer 2008
Daemons and Other Processes
BSD-ish: Kernel and user daemons:
swapper
+ All UNIX processes have a unique process ID (pid).
+ Some BSD daemons execute in kernel mode
(pagedaemon and swapper are examples); the rest
execute in user mode.
CIS 4407
Summer 2008
Daemons and Other Processes
BSDish: Kernel and user daemons:
swapper
+ BSD swapper (pid 0) daemon
ó The BSD swapper is a kernel daemon. swapper moves
whole processes between main memory and secondary
storage (swapping out and swapping in) as part of the
operating system’s virtual memory system.
CIS 4407
Summer 2008
Daemons and Other Processes
BSD-ish: Kernel and user daemons:
swapper
ó SA RELEVANCE: The swapper is the first process to
start after the kernel is loaded. If the machine crashes
immediately after the kernel is loaded then you may not
have your swap space configured correctly.
CIS 4407
Summer 2008
Daemons and Other Processes
BSD-ish: Kernel and user daemons:
swapper
ó The swapper is described as a separate kernel process
in other non-BSD UNIXes. It appears in the Linux
process table as kswapd. It does appear on AIX, HPUX, IRIX; for example it appears in the Solaris process
table as sched (the SysV swapper is sometimes called
the scheduler because it ’schedules’ the allocation of
memory and thus influences the CPU scheduler).
CIS 4407
Summer 2008
Daemons and Other Processes
BSD: Kernel and user daemons:
pagedaemon
+ BSD pagedaemon (pid 2). The second process created
by the kernel is the pagedaemon. The pagedaemon is
a kernel process originated with BSD systems (demand
paging was initially a BSD feature) which was adopted
by AT&T. The pageout process (pid 2) in Solaris
provides the same function with a different name.
CIS 4407
Summer 2008
Daemons and Other Processes
BSD: Kernel and user daemons:
pagedaemon
+ SA RELEVANCE: This is all automatic – not much for
the SA to do, except monitor system behavior to make
sure the system isn’t thrashing (you would expect to see
this process taking up a lot of cpu time if there were
thrashing.)
CIS 4407
Summer 2008
Daemons and Other Processes
Kernel and user daemons: init
+ init (pid 1) daemon: The first “user” process started
by the kernel; it’s userid is 0. All other “normal”
processes are children of init. Depending on the boot
parameters init either:
ó Spawns a single-user shell at the console
CIS 4407
Summer 2008
Daemons and Other Processes
Kernel and user daemons: init
ó or begins the multi-user start-up scripts (which are,
unfortunately, not standardized across UNIXes; see
section 2.4 (starts on page 24) in USAH). There is
a lot of flux in this area; we are seeing, for instance,
in Fedora 9, replacement of the old SysV init with
upstart; hopefully we can get better depedency
resolution than we have had previously and faster
boot times.
CIS 4407
Summer 2008
Daemons and Other Processes
Kernel and user daemons: update (aka
bdflush/kupdate and fsflush)
+ update daemon: The update daemon executes the
sync() system call every 30 seconds or so. The sync()
system call flushes the system buffer cache; it is needed
because UNIX uses delayed write when buffering file I/O
to and from disk.
CIS 4407
Summer 2008
Daemons and Other Processes
Kernel and user daemons: update (aka
bdflush/kupdate and fsflush)
+ SA RELEVANCE: Don’t just turn off a UNIX machine
without flushing the buffer cache. It is better to halt
the system using /etc/shutdown or /etc/halt; these
commands attempt to put the system in a quiescent
state (including calling sync()).
CIS 4407
Summer 2008
Daemons and Other Processes
Kernel and user daemons: update (aka
bdflush/kupdate and fsflush)
+ I like to do something like sync ; sync ; poweroff
or sync ; sync ; reboot just to make sure a few
manual synchronizations are made.
+ The update daemon goes by other names on other
UNIXes (see bdflush, bdflush(2), and kupdate in
Linux and fsflush in Solaris).
CIS 4407
Summer 2008
Daemons and Other Processes
Kernel and user daemons: inetd and
xinetd
+ Even though well-written daemons consume little CPU
time they do take up virtual memory and process table
entries.
+ Years ago, as people created new services, the idea of
a super-daemon inetd was created to manage the class
of network daemons.
CIS 4407
Summer 2008
Daemons and Other Processes
Kernel and user daemons: inetd and
xinetd
+ Many network servers are mediated by the inetd
daemon at connect time, though some, such as
sendmail, postfix, qmail, and sshd are not typically
under inetd.
CIS 4407
Summer 2008
Daemons and Other Processes
Kernel and user daemons: inetd and
xinetd
+ inetd listens for requests for connections on behalf
of the various network services and then starts the
appropriate daemon, handing off the network connection
pointers to the daemon.
CIS 4407
Summer 2008
Daemons and Other Processes
Kernel and user daemons: inetd and
xinetd
+ Some examples are pserver, rlogin, telnet, ftp,
talk, and finger.
+ The configuration file that tells the inetd which servers
to manage is /etc/inetd.conf.
CIS 4407
Summer 2008
Daemons and Other Processes
Kernel and user daemons: inetd and
xinetd
+ The /etc/services file: This file maps TCP and
UDP protocol server names to port numbers.
+ The /etc/inetd.conf file This file has the following
format (page 824 in USAH and “man inetd.conf”):
CIS 4407
Summer 2008
Daemons and Other Processes
Kernel and user daemons: inetd and
xinetd
ó 1st column is the name of the service (must match
an entry in /etc/services (or be in the services NIS
map))
ó 2nd column designates the type of socket to be used
with the service (stream or datagram)
CIS 4407
Summer 2008
Daemons and Other Processes
Kernel and user daemons: inetd and
xinetd
ó 3rd column designates the communication protocol
(tcp is paired with stream sockets and udp is paired
with datagram sockets)
ó 4th column applies only to datagram sockets - if the
daemon can process multiple requests then put ’wait’
here so that inetd doesn’t keeping forking new daemons
CIS 4407
Summer 2008
Daemons and Other Processes
Kernel and user daemons: inetd and
xinetd
ó 5th column specifies the username that the daemon
should run under (for example - let’s have fingerd run
as ’nobody’)
ó remaining columns give the pathname and arguments
of the daemons (here’s where TCP wrappers are typically
installed).
CIS 4407
Summer 2008
Daemons and Other Processes
Kernel and user daemons: inetd and
xinetd
+ SA RELEVANCE: When installing new software
packages you may have to modify /etc/inetd.conf
and/or /etc/services. A hangup signal (kill -HUP
SOMEPID) will get the inetd to re-read its config file.
Or you might be able to use a startup script, such
as “/etc/init.d/inetd restart”) on most Linux
distributions.
CIS 4407
Summer 2008
Daemons and Other Processes
Kernel and user daemons: inetd and
xinetd
+ A popular replacement to inetd is xinetd, which
combines standard inetd functions with other useful
features, such as logging and access control.
CIS 4407
Summer 2008
Daemons and Other Processes
Kernel and user daemons: inetd and
xinetd
+ The configuration file structure for xinetd is also
different: /etc/xinetd.conf is used to modify
general behavior of the daemon and the directory
/etc/xinetd.d contains separate files per service. Your
CentOS machines use xinetd instead of inetd.
CIS 4407
Summer 2008
Daemons and Other Processes
Kernel and user daemons: portmap
+ portmap : portmap maps Sun Remote Procedure
Call (RPC) services to ports (/etc/rpc). Typically,
/etc/rpc looks something like:
CIS 4407
Summer 2008
Daemons and Other Processes
Kernel and user daemons: portmap
[root@vm5 etc]# more /etc/rpc
#ident ‘‘@(#)rpc
1.11
95/07/14 SMI’’
/* SVr4.0
#
#
rpc
#
portmapper
100000 portmap sunrpc rpcbind
rstatd
100001 rstat rup perfmeter rstat_svc
rusersd
100002 rusers
nfs
100003 nfsprog
ypserv
100004 ypprog
mountd
100005 mount showmount
ypbind
100007
walld
100008 rwall shutdown
yppasswdd
100009 yppasswd
CIS 4407
Summer 2008
Daemons and Other Processes
Kernel and user daemons: portmap
+ Sun RPC is a backbone protocol used by other services,
such as NFS and NIS. RPC servers register with this
daemon and RPC clients get the port number for a
service from the daemon. You can find operational
information using rpcinfo. For example, rpcinfo
-p will list the RPC services on the local machine,
then you can see which other machines on the same
local network provide the same services. Try: rpcinfo
CIS 4407
Summer 2008
Daemons and Other Processes
-b ypbind 1. On Solaris, portmap is now named
rpcbind. Reference: page 826 of USAH.
CIS 4407
Summer 2008
Daemons and Other Processes
Kernel and user daemons: portmap
+ SA RELEVANCE: Some daemons may fail if portmap
isn’t running. Most UNIXes these days automatically
start up portmap after installation, so it’s usually not a
problem.
CIS 4407
Summer 2008
Daemons and Other Processes
Kernel and user daemons: syslogd
+ syslogd : syslogd is a daemon whose function is to
handle logging requests from
ó the kernel
ó other user processes, primarily daemon processes
ó processes on other machines, since syslogd can
listen for logging requests across a network
CIS 4407
Summer 2008
Daemons and Other Processes
Kernel and user daemons: syslogd
+ A process can make a logging request to the syslogd
by using the function syslog(3). syslogd determines
what to do with logging requests according to the
configuration file /etc/syslog.conf
+ /etc/syslog.conf generally looks something like:
CIS 4407
Summer 2008
Daemons and Other Processes
Kernel and user daemons: syslogd
*.info;mail.none;news.none;authpriv.none;cron.none
authpriv.*
mail.*
cron.*
*.emerg
uucp,news.crit
local7.*
/var/log/messages
/var/log/secure
/var/log/maillog
/var/log/cron
*
/var/log/spooler
/var/log/boot.log
CIS 4407
Summer 2008
Daemons and Other Processes
Kernel and user daemons: syslogd
+ SA RELEVANCE: For a single UNIX machine, the
default /etc/syslog.conf will suffice.
+ You should read the file and figure out where the most
common error messages end up (/var/adm/messages
or /var/log/messages are typical default locations).
CIS 4407
Summer 2008
Daemons and Other Processes
Kernel and user daemons: syslogd
+ If you are going to manage a number of
UNIX machines, consider learning how to modify
/etc/syslog.conf on the machines so all the syslog
messages are routed to a single “LOGHOST”.
CIS 4407
Summer 2008
Daemons and Other Processes
Viewing processes on Windows
+ You can see the processes running under Windows via
the Windows Task Manager – Press CTRL-ALT-DEL,
select Task Manager, or just press CTRL-SHIFT-ESC.
See Chapter 18 in W2K3.
ó You can see/end/modify/switch/create applications
ó You can see/end processes
CIS 4407
Summer 2008
Daemons and Other Processes
Viewing processes on Windows
ó View CPU/memory performance
ó View network performance
ó View local and remote desktop users
CIS 4407
Summer 2008
Daemons and Other Processes
Viewing processes on Windows
+ A nice feature of the Processes display is the ability to
sort on any column by clicking on the column header
(the sort toggles from ascending/descending).
CIS 4407
Related documents
insert your school name here - College of Continuing Education
insert your school name here - College of Continuing Education
FILE SYLLABUS FORM - FSU Computer Science Department
FILE SYLLABUS FORM - FSU Computer Science Department
Cleveland State University Department of Electrical Engineering and Computer Science
Cleveland State University Department of Electrical Engineering and Computer Science
Ben Counter - Grey Knights 01 - Grey Knights (Warhammer 40000
Ben Counter - Grey Knights 01 - Grey Knights (Warhammer 40000
protocols error
protocols error
Introduction to Computer Networks, Fall 1997
Introduction to Computer Networks, Fall 1997
Download
advertisement